Some base numbers as it stands now: Total Anomalies: ~8000 Total Prefixes in BGP: ~400 We don't mitigate _everthing_ - if our transit can handle the inbound then it doesn't do anything - just alert and take a pcap dump for further tuning. If we see congestion, it moves prefixes around to a scrubbing center to clean the traffic before returning back to us. This is also just domestic AU, international traffic is on another system that gets scrubbed 24x7. We have close to 20 policys & threshold templates for all different scenarios. Though I was talking about the stability of the software, whilst dealing with around 20Gbit raw data. I've only seen one issue (thinking about it now, I need to raise a Feature Request for this) - which is the ability to use the number of source IPs as a metric to compliment pkt/s and bits/s thresholds. Would be nice to trigger a rule if "total num src IPs" >= 100 + 600M of TCP then start moving, but if only 600M TCP and 1 SRC IP, then leave it as it is. Regards, Nick